Online Computer Network Security Self Assessment Questionnaire

v3 – Last updated 5/1/18

“Is Your System Secure Enough?”

Ten questions that can help you gauge the health of your computer network.

The following 10 questions were written by a veteran network analyst, and are designed to represent minimum benchmarks for the management of networks of larger than 10 users (given current available/affordable technologies). He could have written many more than 10 questions, but we told him to stop at 10. Allow yourself 10 points for each question answered in the affirmative (max 100). Partial points allowed. Add up your points at the end of the quiz to give your network a grade score. (Online Computer Network Security Self Assessment Questionnaire – Start)

Security Considerations

Installing anti-virus software on a business’s computers isn’t enough. A multi-layered approach for network security should be defined. What might this look like?

1. Is anti-virus software configured to report security events to administrators?
2. Are you alerted when antivirus protection is not updating or is disabled on any of your computers or servers?
3. Is the gateway security appliance more capable than the typical low end commercial model?
   1. If your gateway security appliance does not give you transparency into your traffic flows it is insufficient.
   2. If your gateway security appliance does not have active “intrusion prevention” features including auto-blacklisting it is insufficient.
4. Does the organization have a system in place to define which Internet resources are accessible from inside the business network?
   1. A secure network would not allow outbound traffic to every possible neighborhood. Ideally this system would also be capable of alerting administrators to suspect traffic emanating from internal devices.
   2. Sites known to host malware, cracked software, and run scams for example should be rendered unreachable by internal devices.
   3. Management may favor restricting outbound traffic further such as to porn or social media sites.
   4. Ideally everything discussed above would be centrally managed.
5. Does the business have procedures to keep guests and cellphones off WiFi access points that are attached to the internal LAN?

Server & Backup Considerations

6. Are your servers being monitored in real-time for critical events such as disk and other failures?
7. Is the backup system for both internal infrastructure and cloud resources automated to the extent where no human interaction is required?
   1. Are copies automatically stored off-site?
   2. Is there a functional “firewall” so to speak between backups and your internal systems? If ransom-ware gets on your network, will it be able to harm your backups?
   3. Do you have multiple days worth of backups (preferably off-site) in case the most recent day’s backups are affected by ransom-ware?

Desktop/Laptop Considerations

8. Does the business employ a system capable of monitoring and tracking the status of company desktops and laptops?
9. Does the business have a centralized remote connectivity solution capable of logging when trusted employees access their computers from outside the office?
10. Does the business have a patching system designed to enforce security patch compliance for both operating systems and third party patches such as Java, flash, adobe reader, etc.?

Conclusion

If your organization has 10 or more people and you scored above an 80 on this assessment; it would seem you need little additional help to adequately secure and protect your firm’s infrastructure. If you believe your network has scored below an 80 on this assessment, your business’s operations may be subject to unexpected events and unnecessary downtime. (End of the ‘Online Computer Network Security Self Assessment Questionnaire’)

Assisting small businesses with these challenges is our specialty. Call us today for a free consultation, and allow us to get started rectifying these issues within your computing environment.

Call AVAREN today 214-379-4200